CVE-2026-55200
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
libssh2 up to version 1.11.1 has an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
Risk Assessment
An attacker can remotely take control of a system using the vulnerable libssh2 library, leading to data breaches, service disruption, or full IT environment compromise.
Recommendation
Immediately update libssh2 to a version containing the fix (commit 7acf3df) or later. If an update is not possible, restrict access to services using libssh2 to trusted networks only.
Original NVD description (English source)
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

